Apache HTTP Server – Building a LAMP Server (2019)

This is the fifth article in a series on building the ultimate LAMP Server. This covers installing Apache HTTP Server from source. Even for distros which maintain current versions, the Apache Software Foundation recommends compiling HTTP Server from source.

Apache Prerequisites

PCRE

Although your distro probably already has PCRE installed, the Apache website recommends compiling the most recent version for use with HTTP Server. Apache requires the latest version of the original PCRE library and not PCRE2. See the PCRE site for the most current version of PCRE and edit the first line below as necessary.

The GPG commands verify the download against its signature. If you don’t see "Good signature" in the output, the download is corrupted or does not match the signature, so do not build from it; run the commands again. Now extract the archive, compile, and install:
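The signature check described above, as an added example that is not part of the original article: instead of reading the output for "Good signature", it parses gpg's machine-readable status lines and also requires the signer's fingerprint to be the one you expect. The fingerprint and the sample status lines are constructed placeholders; take the real fingerprint from the project's published signing-key information.

```bash
# Added example: accept a download only if gpg reports a valid signature
# made by the expected key. All values below are constructed placeholders.
EXPECTED_FPR=0123456789ABCDEF0123456789ABCDEF01234567

# Reads `gpg --status-fd 1 --verify` output on stdin; $1 = expected fingerprint.
# Succeeds only if a VALIDSIG line names that fingerprint (signing key in
# field 3, primary key in the last field) and no failure status is present.
sig_status_ok() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" && ($3 == want || $NF == want) { good = 1 }
        END { if (good && !bad) exit 0; exit 1 }
    '
}

# $1 = archive, $2 = detached signature, $3 = expected fingerprint
verify_download() {
    gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null | sig_status_ok "$3"
}

# Constructed status output: valid signature from the expected key.
SAMPLE_GOOD='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Example Release Key <release@example.org>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2019-01-01 1546300800 0 4 0 1 8 00 0123456789ABCDEF0123456789ABCDEF01234567'

# Constructed status output: archive does not match the signature.
SAMPLE_BAD='[GNUPG:] NEWSIG
[GNUPG:] BADSIG 89ABCDEF01234567 Example Release Key <release@example.org>'

# Constructed status output: "Good signature", but from some other key
# that happens to be in the keyring.
SAMPLE_WRONG_KEY='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 7654321076543210 Someone Else <someone@example.net>
[GNUPG:] VALIDSIG FEDCBA9876543210FEDCBA9876543210FEDCBA98 2019-01-01 1546300800 0 4 0 1 8 00 FEDCBA9876543210FEDCBA9876543210FEDCBA98'
```

The third sample is the case a visual check misses: gpg prints "Good signature" for any key in your keyring, so the fingerprint comparison is what ties the download to the project's release key.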

OpenSSL

Due to security issues and bugs, I highly recommend compiling OpenSSL from source rather than relying on the version that comes with your distro. For example: as of this writing, the LTS (long-term support) branch is 1.1.1, which is at version 1.1.1a. But CentOS uses 1.0.2k (even the 1.0 branch is currently at 1.0.2q). See the OpenSSL website for current version information.

You can check your current version with:

openssl version

Important: Even if you have the latest version provided by your system, Apache may still fail to compile unless you compile OpenSSL from source. (This happened to me with Fedora, although Arch Linux had no issues with the latest version as provided on the system.) However, a side-by-side installation of two versions of OpenSSL using the same libraries can cause conflicts, possibly breaking things like your package manager or preventing you from generating certificates. So follow my instructions carefully, which worked for all tested distributions.

Download and compile. For this example I will be installing the current latest stable version. Change the version number on the first line if necessary, and copy/paste the rest into your SSH terminal.

Assuming all tests passed, you can continue. Important: If you did not compile Perl from source as recommended in the last post, the installation may fail. To overcome this, either compile Perl from source or install perl-podlators via your package manager.

Important: In rare cases you may have issues with libraries conflicting. I mainly ran into this on Fedora. You will know if this happens because things which rely on OpenSSL such as your package manager may give you error messages about libssl.so.1.1 or something similar. If this happens, use the following fix:

sudo rm /etc/ld.so.conf.d/openssl.conf
sudo ldconfig

Download Apache Files

You can make this process a lot faster if you use a browser on a desktop system to download the files and transfer them via SFTP to your LAMP server. This is easily done via Bitvise or other SFTP clients. Below I will cover the slightly more complicated method (more complicated because of how the Apache website links to its mirrors).

In the following example, the Apache mirror it found for me was "http://mirror.cogentco.com/pub/apache/", so replace that string and the version numbers in the first few lines below with whatever you found. Then copy/paste the rest of the commands into your SSH terminal.

Build and Install

Now configure the source tree, build, and install. Below is the syntax I used but you may want to alter some options. See the Apache documentation for more options. If you did not compile OpenSSL as described above, you can try using the system-provided version by omitting the --with-ssl option, but this didn’t work for me with Fedora (though it did with Arch Linux).

Ignore the possible error about the lack of a FQDN for now. If everything worked you should see the words "It works!" at the top of the screen. Then exit Lynx with q.

Configure Apache

The first version of this tutorial, written years ago, assumed you were using SysVinit rather than Systemd under CentOS/Fedora, but since then almost all distributions use Systemd to start services, so I will only be covering that in this tutorial.

The restart option can cause problems if you don’t properly shut down Apache with systemctl (see below) before upgrading Apache later, but it helps ensure Apache will restart if it encounters a problem. Save and exit. Then:

sudo systemctl daemon-reload
sudo systemctl enable apache2.service

Apache should load at startup now. You can also easily start/stop/restart it with:

Let’s get rid of that annoying FQDN error message now (if you encountered it)…

sudo nano /opt/apache/conf/httpd.conf

Go down and un-comment/edit the line that begins with "#ServerName" so it says something like:

ServerName lamp.localdomain:80

Change the above to match whatever FQDN you gave the system during install (or just use the static IP address). While you are in here you may also want to un-comment any needed modules. Common modules you may need include mod_cgid and mod_rewrite (Ctrl-W comes in handy here). We will cover the SSL stuff in a minute.

After saving and exiting nano, do the following to ensure you don’t get the FQDN error anymore:

sudo systemctl restart apache2.service

Setup SSL

Now set up SSL if desired. You need to edit the configuration file again:

sudo nano /opt/apache/conf/httpd.conf

Find and un-comment the following three lines, which are not together (Ctrl-W comes in handy here):

Save and exit. For now we are not going to edit the "httpd-ssl.conf" configuration file, so just generate and sign a certificate. First, generate the key (you may wish to use a 2048-bit key for compatibility reasons):

cd ~
openssl genrsa -out server.key 4096

I didn’t use the -des3 option above because I don’t want to have to enter a password every time Apache starts (and this is just a test server). Now let’s create the CSR:

openssl req -new -key server.key -out server.csr

The above command will ask for some info to be included in the certificate. Go with defaults or customize as desired. Finally, we can create the actual certificate:
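An added example, not the author's own commands: one way to run the key, CSR and self-signed certificate steps above non-interactively, then confirm that the certificate belongs to the key and that the passphrase-less key is readable only by its owner. File names follow the article; the 365-day lifetime, the `-subj` value and the function names are assumptions.

```bash
# Added example: self-signed test certificate plus two sanity checks.

# $1 = output directory, $2 = host name for the CN, $3 = key size (default 4096)
make_test_cert() {
    (
        umask 077    # the key has no passphrase, so create it owner-only
        openssl genrsa -out "$1/server.key" "${3:-4096}" 2>/dev/null
    ) || return 1
    openssl req -new -key "$1/server.key" -subj "/CN=$2" \
        -out "$1/server.csr" || return 1
    # Sign the CSR with its own key (self-signed, assumed 365-day lifetime).
    openssl x509 -req -days 365 -in "$1/server.csr" \
        -signkey "$1/server.key" -out "$1/server.crt" 2>/dev/null
}

# Succeeds only if the certificate carries the public half of the given key.
# $1 = certificate, $2 = private key
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if the key file is readable and writable by its owner alone.
# $1 = private key
key_is_private() {
    [ "$(ls -l "$1" | cut -c1-10)" = "-rw-------" ]
}
```

Run `cert_matches_key` and `key_is_private` again after copying the files to wherever Apache reads them, since a copy made as another user or with a looser umask can change the key's mode.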

Lynx will complain about it being a self-signed certificate. Just verify it is okay with y.

This is also a good time to test the connection from the host system (if using a VM) or another computer on your network using a browser like Firefox or Chrome. Just open your browser of choice and type each of the following in turn into the address bar (adjusting the IP address if needed):

http://192.168.56.101
https://192.168.56.101

You will get a security warning for the SSL site. That is expected, so confirm the certificate. If something went wrong, the problem is most likely with your firewall settings, so go back to that section in the OS installation article and check that the HTTP/HTTPS ports are open on your local network.